今天要说的是用VBS(VBScript脚本)来枚举Windows操作系统的进程,这样做的用处在什么地方呢?举个例子吧,比如你有时候想监控某个进程是否在运行,这就非常有用了.
示例:
用VBS脚本枚举进程
\’enum.vbs
Dim WMI,Objs,Process
Set WMI=GetObject(\”WinMgmts:\”)
Set Objs=WMI.InstancesOf(\”Win32_Process\”)
Process=\”\”
For Each Obj In Objs
Process=Process & Obj.Description & Chr(13) & Chr(10)
Next
MsgBox Process
我在这儿采用的方式是弹出一个对话框,方便观看嘛,当然你也可以使用FSO来生成一个文本文件保存起来.
前面说到要监控某个进程是否在运行,实现如下.
示例:
\’monitor.vbs
\’检测IE是否在运行中
Dim WMI,Objs,Process
Set WMI=GetObject(\”WinMgmts:\”)
Set Objs=WMI.InstancesOf(\”Win32_Process\”)
Process=\”\”
For Each Obj In Objs
\’Process=Process & Obj.Description & Chr(13) & Chr(10)
Process = Obj.Description
if Process = \”iexplore.exe\” then
msgbox \”IE在运行中…\”
end if
Next
呵呵,当然,还可以引申出来其它应用.
下面给大家分享一个列举进程详细列表的vbs
\’ FileName: ProcessMagnifier.vbs
\’ Function: Capture information about the running processes in detail
\’ code by somebody
\’ QQ: 240460440
\’ LastModified: 2007-12-9 18:50
const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject(\”winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv\”)
strKeyPath = \”Console\\%SystemRoot%_system32_cmd.exe\”
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName1 = \”CodePage\”
dwValue1 = 936
strValueName2 = \”ScreenBufferSize\”
dwValue2 = 98304200
strValueName3 = \”WindowSize\”
dwValue3 = 2818173
strValueName4 = \”HistoryNoDup\”
dwValue4 = 0
strValueName5 = \”WindowPosition\”
dwValue5 = 131068
strValueName6 = \”QuickEdit\”
dwValue6 = 2048
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6
Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject(\”WScript.Shell\”)
If (Lcase(Right(WScript.Fullname,11))=\”wscript.exe\”) Then
FinalPath = \”\’\” & WScript.ScriptFullName & \”\’\”
objWSH.Run(\”cmd.exe /k cscript //nologo \” &Replace(FinalPath,\”\’\”,\”\”\”\”))
WScript.Quit
End If
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = nothing
Wscript.Sleep 1000
Mystr = Array(115,111,109,101,98,111,100,121)
for i=0 to Ubound(Mystr)
author=author&chr(Mystr(i))
Next
WScript.Echo
WScript.Sleep 3000
WScript.Echo \”当前正在运行的进程简要信息列表如下:\”
WScript.Echo vbCrLf
WScript.Sleep 2000
Dim MyOBJProcessName
Set OBJWMIProcess = GetObject(\”winmgmts:\\\\.\\root\\cimv2\”).ExecQuery(\”Select * From Win32_Process\”)
WScript.Echo \”Name: Priority: PID: Owner:\” &vbTab&vbTab&\”ExecutablePath: \”
WScript.Echo \”—————————————————————————————\”
For Each OBJProcess in OBJWMIProcess
MyOBJProcessName=OBJProcess.Name&\” \”
colProperties = OBJProcess.GetOwner(strNameOfUser,strUserDomain)
WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath
Next
WScript.Sleep 5000
WScript.Echo vbCrLf
WScript.Echo \”当前正在运行的进程以及其加载的模块详细信息树状结构如下:\”
WScript.Echo vbCrLf
WScript.Sleep 3000
WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&\”创建时间 文件制造商\”
Set OBJWMIService = GetObject(\”winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2\”)
Set OBJRefresher = CreateObject(\”WbemScripting.SWbemRefresher\”)
Set colItems = OBJRefresher.AddEnum(OBJWMIService,\”Win32_PerfFormattedData_PerfProc_FullImage_Costly\”).ObjectSet
OBJRefresher.Refresh
For Each OBJItem In colItems
Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath
originalPath = OBJItem.Name
ModulePath = Split(originalPath,\”/\”)
WMIPathMode = Replace(ModulePath(1),\”\\\”,\”\\\\\”)
Set OBJWMI = GetObject(\”winmgmts:\\\\.\\root\\CIMV2\”)
Set colManufacturer = OBJWMI.ExecQuery(\”SELECT * FROM CIM_DataFile Where Name=\’\” & WMIPathMode & \”\’\”)
For Each OBJManufacturer In colManufacturer
FileManufacturer=Trim(OBJManufacturer.Manufacturer)
LCaseModulePath=LCase(Trim(OBJManufacturer.Name))
FileExtension=Right(LCaseModulePath, 3)
MyLCaseModulePath=LCaseModulePath & \” \”
Set FSO = CreateObject(\”Scripting.FileSystemObject\”).GetFile(LCaseModulePath)
If FileExtension=\”exe\” Then
mark=\”├—\”
FinalModulePath=Mid(MyLCaseModulePath,1,118)
WScript.Echo \”│\”
Else
mark=\”│├─\”
FinalModulePath=Mid(MyLCaseModulePath,1,116)
End If
WScript.Echo mark & FinalModulePath & FSO.DateCreated &vbTab& FileManufacturer
Next
Next
MyVBSPath = \”\’\” & WScript.ScriptFullName & \”\’\”
Myclipboard = \”cscript //nologo \” & Replace(MyVBSPath,\”\’\”,\”\”\”\”)
Set objIE = CreateObject(\”InternetExplorer.Application\”)
objIE.Navigate(\”about:blank\”)
objIE.document.parentwindow.clipboardData.SetData \”text\”, Myclipboard
经过测试效果很不错,喜欢vbs的朋友可以学习一下。
